Apache-AuthCookiePAM
view release on metacpan or search on metacpan
AuthCookiePAM.pm view on Meta::CPAN
if ( $res != PAM_SUCCESS()) {
$r->log_error("ERROR: Authentication for $user Failed\n");
$r->subprocess_env('AuthenReason', 'Authentication failed. Username/Password provided incorrect.');
$pamh=0;
undef $pamh;
return undef;
}
else { # Now check if account is valid
$res = $pamh->pam_acct_mgmt();
if ( $res == PAM_ACCT_EXPIRED() ) {
$r->log_error("ERROR: Account for $user is locked. Contact your Administrator.\n");
$r->subprocess_env('AuthenReason', 'Account for $user is locked. Contact your Administrator.');
return 'bad';
}
if ( $res == PAM_NEW_AUTHTOK_REQD() ) {
$r->log_error("ERROR: PAssword for $user expired. Change Password\n");
$r->subprocess_env('AuthenReason', 'Password Expired. Please Change your password.');
return $r->auth_type->changepwd_form ($user);
}
if ( $res == PAM_SUCCESS() ) {
# Create the expire time for the ticket.
my $expire_time;
techspec.txt view on Meta::CPAN
* Authentication.
Authentication is based on a username and password. These are supplied in
plaintext by the user in a form submission through Apache::AuthCookie. These
are then passed on to the pam sytem.
* Account Management
When a user successfully authenticates A call to Pam account management is
made to check if the account is allowed to get access to the system. The
account could be locked or requires to change password.
If account is locked user is prompted to login again. If the account requires
a new password then the user is presented with the specified password change form.
* Tickets.
When a user successfully authenticates, they are issued a cookie with a
session value. This value consists of a serialized version of
the userid, an issue time, an expiration date, and a two-round MD5 checksum
of the userid and times and a server secret key. This checksum
ensures that when the ticket is returned we can see that it has not been
( run in 0.503 second using v1.01-cache-2.11-cpan-49f99fa48dc )